CoSN Assesses Cloud Risks and Realities

  • By Margo Pierce
  • 02/05/13

Nearly all K-12 schools now use cloud technology in some form. But how many understand all the possibilities and pitfalls? That's the question posed by Security and Privacy of Cloud Computing, a new report to members of the Consortium for School Networking (CoSN).

“With nearly 90 percent of K-12 institutions reporting the use of one or more cloud-based applications, there are a growing number of school systems nationwide that must understand the potential challenges and opportunities associated with working ‘in the cloud,’” said Keith Krueger, CEO of CoSN, in a news release.

The report focuses on the privacy, security, and regulatory compliance impacts of “software as a service (SaaS) cloud computing. (One of the report’s authors, Jim Siegl, chair of the CoSN Technical Committee, explained some of these same issues in The Price of Free Cloud Resources.)

The report outlines common security and privacy risks that schools face. It offers administrators a list of questions to use when evaluating service-level agreements (SLAs) related to vendor services:

Availability

  • Does the provider offer a guaranteed service level?
  • What is the backup-and-restore process in case of a disaster?
  • What is the provider’s protection against denial-of-service attack?
  • What happens to your data if the provider shuts down or is sold?

Security

  • Does the provider use SSL encryptions on all pages, and not just the login and account-creation pages?
  • For multi-tenant hosting (many schools sharing the same system), how is data separated from that of other customers?
  • Does the provider perform background checks on personnel with administrative access to servers, applications, and customer data?
  • What happens if your cloud service provider has a data breach?
  • Do you have the ability to perform security incident investigations or e-discovery? If not, will the provider assist you?

Legal and Regulatory

  • Where is data hosted?
  • If there is a contract, does it state that the provider (and any subcontractors) will operate as a “School Official” as defined by FERPA?

As one in a series of EdTechNext “mini-reports developed to keep educators updated on the latest technology trends and their educational value,” the report offers a comprehensive overview of cloud computing security and privacy issues.

About the Author

Margo Pierce is a Cincinnati-based freelance writer.

Featured

  • abstract pattern of cybersecurity, ai and cloud imagery

    Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A recent report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.

  • glowing shield hovers above a digital cloud platform with abstract data streams and cloud icons in the background

    Google to Acquire Cloud Security Firm Wiz in $32 Billion Deal

    Google has announced it will acquire cloud security startup Wiz for $32 billion. If completed, the acquisition — an all-cash deal — would mark the largest in Google's history.

  • group of educators working on computer

    Improve Teacher-Student Satisfaction by Removing Procurement Obstacles

    Intuitive tools help teachers gain flexibility and control over purchases, and more time back for doing what they love.

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."